Compliance, Security, and Privacy
CorpusIQ LLC, Scottsdale, Arizona. Last updated:
.
Contact: security@corpusiq.io, privacy@corpusiq.io.
Purpose
This page documents the technical and organizational measures we apply to protect user data. It also provides exact answers for Apple and OpenAI reviewers.
Product scope
- Sources: iCloud Mail, iCloud Drive. User-authorized only. No device agents. No browser extensions.
- Outputs: in-chat answers, ranked references, and optional deep search results.
- Storage: embeddings and minimal metadata. No raw file bodies are stored by default; raw text is retained only if the user enables deep archive. Read-only access to connected data.
- Controls: per-user namespace, immediate deletion endpoint, immutable audit trail.
Data inventory and flow
- Encrypted retrieval: data is encrypted in transit and at rest, scoped per user.
- User-scoped isolation: each account operates in a separate namespace with no cross-access.
- Ephemeral context: only short-lived query context is passed to ChatGPT. CorpusIQ does not persist it; retention on the vendor side is governed by the vendor's published data protection terms (see Subprocessors).
Data types
- Identifiers: email address, Apple OAuth subject, internal user ID.
- Content derived data: text chunks and vector embeddings.
- Operational data: access logs, deletion receipts, billing records.
Excluded data
- No sale of personal data.
- No third party ads. No trackers beyond analytics with IP masking.
- No storage of raw credentials. Tokens are scoped and revocable.
High level flow
- User signs in with Apple. We receive an OAuth subject and a short-lived token.
- User connects iCloud Mail or Drive using app-specific credentials or Apple APIs.
- Backend converts text to embeddings. Raw text is streamed only for processing and discarded after chunking, unless the user enables deep archive.
- At query time we retrieve top results by similarity, generate an answer, and show citations.
- Deletion removes embeddings, metadata, and tokens. An audit entry records the deletion event.
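The flow above, as an added example that is not CorpusIQ's code: raw text is chunked and embedded, only chunk ids, source labels and vectors are kept, each user's data lives in its own namespace, queries are scoped to the authenticated user, and deletion drops the whole namespace. The hashing embedder is a toy stand-in for a real model so the example runs offline; user ids, source labels and text are constructed for illustration.

```python
import hashlib
import math
import re
from dataclasses import dataclass, field


def embed(text: str) -> dict[int, float]:
    """Toy hashing embedder: a sparse unit vector keyed by a 32-bit token hash.
    Stands in for a real embedding model so the example runs offline."""
    counts: dict[int, float] = {}
    for tok in re.findall(r"[a-z0-9]+", text.lower()):
        key = int.from_bytes(hashlib.sha256(tok.encode()).digest()[:4], "big")
        counts[key] = counts.get(key, 0.0) + 1.0
    norm = math.sqrt(sum(v * v for v in counts.values())) or 1.0
    return {k: v / norm for k, v in counts.items()}


def cosine(a: dict[int, float], b: dict[int, float]) -> float:
    return sum(w * b.get(k, 0.0) for k, w in a.items())


def chunk(text: str, max_chars: int = 80) -> list[str]:
    """Split text into word-aligned pieces of roughly max_chars."""
    pieces, cur = [], []
    for word in text.split():
        cur.append(word)
        if len(" ".join(cur)) >= max_chars:
            pieces.append(" ".join(cur))
            cur = []
    if cur:
        pieces.append(" ".join(cur))
    return pieces


@dataclass
class Chunk:
    chunk_id: str
    source: str               # which mailbox or file the chunk came from
    vector: dict[int, float]  # derived data only: there is deliberately no raw-text field


@dataclass
class Store:
    # one namespace per user id; nothing below ever reads across namespaces
    namespaces: dict[str, list[Chunk]] = field(default_factory=dict)

    def ingest(self, user_id: str, source: str, raw_text: str) -> int:
        """Chunk and embed raw_text into the caller's namespace. raw_text is
        not retained anywhere; only chunk ids, source labels and vectors are."""
        ns = self.namespaces.setdefault(user_id, [])
        for i, piece in enumerate(chunk(raw_text)):
            cid = hashlib.sha256(f"{user_id}:{source}:{i}".encode()).hexdigest()[:16]
            ns.append(Chunk(cid, source, embed(piece)))
        return len(ns)

    def query(self, user_id: str, q: str, k: int = 3) -> list[tuple[str, str, float]]:
        """Top-k (chunk_id, source, score) from the caller's own namespace only.
        user_id must come from the authenticated session, never from the request body."""
        qv = embed(q)
        scored = [(c.chunk_id, c.source, cosine(qv, c.vector))
                  for c in self.namespaces.get(user_id, [])]
        return sorted((s for s in scored if s[2] > 0), key=lambda s: s[2], reverse=True)[:k]

    def delete_user(self, user_id: str) -> dict:
        """Drop the whole namespace; mirrors the delete_my_data response shape."""
        removed = len(self.namespaces.pop(user_id, []))
        return {"status": "deleted", "deleted_resources": ["embeddings", "metadata"],
                "chunks_removed": removed}


def demo() -> dict:
    """Constructed walkthrough: two users, a query each, then deletion of one user."""
    store = Store()
    store.ingest("user_a", "icloud_drive:acme_contract.pdf",
                 "The ACME contract renews on 14 March 2026 unless cancelled in writing.")
    store.ingest("user_a", "icloud_mail:note",
                 "Dentist appointment Tuesday at 9am, bring insurance card.")
    store.ingest("user_b", "icloud_mail:report", "Q4 keyword performance report attached.")
    top_a = store.query("user_a", "what is the renewal date for the ACME contract")
    cross = store.query("user_b", "ACME contract renewal")  # user_b sees none of user_a's data
    receipt = store.delete_user("user_a")
    after = store.query("user_a", "ACME contract")
    return {"top_a": top_a, "cross": cross, "receipt": receipt, "after": after,
            "remaining": sorted(store.namespaces)}


if __name__ == "__main__":
    print(demo())
```

The isolation property rests on one rule: the namespace key is the authenticated user id, and no request parameter can name a different namespace. The `Chunk` type has no text field, so a compromise of the store yields vectors and chunk ids, not mail bodies.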
Data classification
| Class | Examples | Encryption | Retention |
|---|---|---|---|
| Account | Email, OAuth subject | AES-256 at rest | Until account deletion |
| Derived | Embeddings, chunk IDs | AES-256 at rest | Until connector revocation or account deletion |
| Operational | Audit logs, deletion receipts | AES-256 at rest | 24 months, security and compliance use only |
Security controls
- Transport security: TLS 1.3 only, HSTS, forward secrecy.
- Encryption at rest: AES-256, managed keys, key rotation every 90 days.
- Network: private subnets, deny by default, WAF and rate limits on all public endpoints.
- Access: SSO, least privilege, hardware key for production access. Production data is not copied to developer laptops.
- Secrets: stored in a dedicated secrets manager, never in source control.
- Logging: structured logs, immutable audit stream, retention as stated.
- Pen-testing: independent assessment at least annually, remediation tracked to closure.
- Business continuity: daily encrypted backups, restore tests every 30 days.
- Change control: versioned IaC, peer review, and staged rollouts.
Privacy and lawful basis
- Lawful basis: user consent at connection time, with clear scopes.
- Children: not directed to children under 16.
- Do not sell personal information. No cross context behavioral advertising.
- International transfers: standard contractual clauses where relevant.
Retention and deletion
We store no raw customer content by default. Embeddings and minimal metadata are retained only while the connector is active. Deletion is immediate via the API or in-app controls, and an audit receipt is returned on every deletion event.
Deletion API
DELETE https://api.corpusiq.io/v1/delete_my_data
Authorization: Bearer <token>
Response 200
{
"status": "deleted",
"deleted_resources": ["embeddings","metadata","tokens"],
"audit_id": "del_01J9Z3R4A2",
"timestamp": "2025-10-14T15:32:10Z"
}
- Connector revocation removes all associated embeddings and tokens immediately.
- Audit receipts are retained for 24 months for compliance purposes only.
- Account deletion removes all data, tokens, and metadata with a final audit receipt.
- No backups of customer content are retained after deletion.
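One way to make the audit trail that backs these receipts tamper-evident, as an added example that is not CorpusIQ's code: each entry carries the hash of its predecessor, and a verifier recomputes the chain and reports the first entry whose content or link no longer matches. The `audit_id` format, timestamps and user ids are constructed for the example; the receipt shape follows the delete_my_data response shown above.

```python
import hashlib
import json
import secrets
from typing import Optional, Tuple

GENESIS = "0" * 64  # prev_hash of the first entry


def _digest(prev_hash: str, body: dict) -> str:
    """Hash of this entry bound to its predecessor. Canonical JSON so the
    same record always serializes, and therefore hashes, the same way."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class AuditLog:
    """Append-only, hash-chained list of events. In production the entries
    would go to write-once storage; the chain makes edits or deletions in
    that storage detectable, it does not by itself prevent them."""

    def __init__(self) -> None:
        self.entries: list = []

    def append(self, event: str, user_id: str, resources: list,
               timestamp: str, audit_id: Optional[str] = None) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {
            # constructed id scheme: event prefix plus random suffix
            "audit_id": audit_id or f"{event[:3]}_{secrets.token_hex(5).upper()}",
            "event": event,
            "user_id": user_id,
            "deleted_resources": resources,
            "timestamp": timestamp,
            "prev_hash": prev,
        }
        entry = dict(body, hash=_digest(prev, body))
        self.entries.append(entry)
        return entry


def receipt(entry: dict) -> dict:
    """The fields a user gets back, in the shape of the delete_my_data response."""
    return {"status": "deleted", "deleted_resources": entry["deleted_resources"],
            "audit_id": entry["audit_id"], "timestamp": entry["timestamp"]}


def verify(entries: list) -> Tuple[bool, int]:
    """Recompute the chain. Returns (True, -1) if intact, otherwise
    (False, index) for the first entry whose content or link was altered."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e.get("prev_hash") != prev or _digest(prev, body) != e.get("hash"):
            return False, i
        prev = e["hash"]
    return True, -1


def demo() -> dict:
    """Constructed walkthrough: three deletions, then two kinds of tampering."""
    log = AuditLog()
    for n, uid in enumerate(["user_a", "user_b", "user_c"]):
        log.append("deletion", uid, ["embeddings", "metadata", "tokens"],
                   f"2025-10-14T15:3{n}:10Z")
    intact = verify(log.entries)
    edited = json.loads(json.dumps(log.entries))        # deep copy
    edited[1]["deleted_resources"] = ["metadata"]       # quietly narrow a receipt
    truncated = json.loads(json.dumps(log.entries))
    del truncated[1]                                    # drop a deletion event entirely
    return {"intact": intact, "edited": verify(edited), "truncated": verify(truncated),
            "receipt": receipt(log.entries[0])}


if __name__ == "__main__":
    print(demo())
```

A user holding a receipt can later ask for the entry with that `audit_id` and check that it still hashes into the chain; a removed or rewritten deletion event shows up as a break at that index.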
Subprocessors
| Vendor | Purpose | Data types | Region | DPAs |
|---|---|---|---|---|
| OpenAI | Model inference | Prompts and derived embeddings | USA | Data protection terms published by vendor |
| Cloud hosting provider | Compute and storage | Encrypted data at rest | USA | DPA in place |
| Analytics with IP masking | Product analytics | Anonymized events | USA | DPA in place |
Incident response
- Detect and triage. Open a ticket, assign severity.
- Contain, eradicate, and recover.
- Notify affected users within 72 hours after confirmation, when legally required.
- Retrospective with corrective actions and ownership.
Annual reviews and audits
- SOC 2 readiness program with quarterly control checks.
- Independent pen-test at least once per year.
- Vendor reviews and DPA renewals annually.
User data rights
Users can request access, correction, export, and deletion of their data. Contact privacy@corpusiq.io. We respond within 30 days.
Notes for Apple and OpenAI reviewers
Apple
- Sign in with Apple is required for account creation.
- iCloud Mail and Drive connections are user initiated. We do not store raw Apple content by default.
- Domain ownership verified. Callback: /oauth/apple/callback.
OpenAI
- Actions use a documented OpenAPI spec with three endpoints: /v1/query, /v1/deep_search, /v1/delete_my_data.
- We provide a reviewer account with synthetic data and a Postman collection.
- No background data extraction. Only user invoked actions.
Public API and examples
OpenAPI
{
"openapi": "3.0.3",
"info": {"title": "CorpusIQ API", "version": "1.0.0"},
"servers": [{"url": "https://api.corpusiq.io"}],
"security": [{"bearerAuth": []}],
"components": {
"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}},
"schemas": {"Query": {"type": "object", "required": ["q"], "properties": {"q": {"type": "string"}}}}
},
"paths": {
"/v1/query": {"post": {"summary": "Query connected data", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/Query"}}}}, "responses": {"200": {"description": "OK"}}}},
"/v1/deep_search": {"post": {"summary": "Query deep archive", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/Query"}}}}, "responses": {"200": {"description": "OK"}}}},
"/v1/delete_my_data": {"delete": {"summary": "Delete user data", "responses": {"200": {"description": "Deleted"}}}}
}
}
cURL examples
# Query
curl -s -X POST https://api.corpusiq.io/v1/query \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"q":"what is the renewal date for the ACME contract"}'
# Deep search
curl -s -X POST https://api.corpusiq.io/v1/deep_search \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"q":"Q4 keyword performance report"}'
# Deletion
curl -s -X DELETE https://api.corpusiq.io/v1/delete_my_data \
-H "Authorization: Bearer $TOKEN"
Change log
- 2025-12-31, initial publication with reviewer notes and API examples.